Attackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens used by 40 million employees to access sensitive corporate and government networks, the company said late Thursday.

“Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT),” RSA Executive Chairman Art Coviello said in an undated letter posted on the company's website. “Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems.”

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

For seven days, reporters, researchers, and customers have called on RSA, and its parent corporation EMC, to specify what data was lifted – or at the very least to say if it included details that could allow government or corporate spies to predict the one-time passwords that SecurID tokens generate every 60 seconds. And for seven days, the company has resolutely refused to answer.